Bug in iOS 7 Allows Users to Bypass Activation Lock and Disable Find My iPhone
Originally starting with the release of iOS 7, deleting an iCloud account or restoring a device requires the Find My iPhone feature to be disabled. In turn, Find My iPhone requires the user to enter the password for the Apple ID attached to the iCloud account – a system which is put into place to ensure that phone thieves can’t remove the account and avoid being tracked through the Find My iPhone website. Unfortunately, there appears to be an easy way to bypass this requirement as demonstrated in the video below:
To do so, you’ll first need to tap both “Delete Account” and the switch to disable Find My iPhone at the same time in the iCloud Settings panel. This ironically appears to be the most difficult step in the process. When prompted for a password, hold down the power button and shut down the phone. Upon restarting your phone, you’ll be able to go into the iCloud settings panel and remove the account without being prompted for our password. After this, you’ll be able to plug the iPhone into iTunes and restore it with ease. Aside from this the feature won’t kick in after the phone is restored as Activation Lock requires Find My iPhone to be enabled.
Overall, someone who may end up with your phone has the means to bypass every possible method you had at your disposal to locate it. The only good news here is that you can ensure more safety if you put a passcode on your phone with a short timer, preventing anyone from getting into the iCloud settings at all. Hopefully this method is improved by Apple in a future update and the iOS platform becomes more secure.
Source: Miguel Alvarado
) via 9to5Mac